Devecto Oy’s customer and marketing register

A privacy policy in accordance with the EU’s General Data Protection Regulation (GDPR)

Updated 24/04/2020.

1. Data controller
Devecto Oy (Business ID 2616184-9), Vapaaherrantie 2, 40100 Jyväskylä

2. Contact person for issues concerning the register
Administration Manager Marja Kettunen marja.kettunen<at>

3. Name of the register
Devecto Oy’s customer and marketing register

4. Purpose and grounds of processing personal data

According to the EU’s General Data Protection Regulation, processing personal data shall be lawful if the data subject has given consent to the processing of his or her personal data for one or more specific purposes or the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Devecto Oy’s customer and marketing register is used for delivering products and services and for establishing, carrying out, maintaining and developing customer relationships.

Personal data is not used for automatic decision making or profiling.

5. Data content of the register
The register may include the following information:

Organisation and position
Organisation’s address details
Email address
Phone number
Other information disclosed by the data subject
Information about the ordered services
Invoicing address
Other information related to the customer relationship

6. Regular data sources of the register
The data of the marketing register is obtained via customer relationships, from Devecto Oy’s website (contact forms, cookies), as well as from publicly available Internet sources.

7. Regular disclosure of data
The data controller shall not disclose personal data to third parties unless required to do so by the Finnish authorities. Data shall not be disclosed outside the EU or the European Economic Area.

8. Regular protection of the register
Personal data shall be kept confidential. Only such persons employed by Devecto Oy, who need the data for carrying out their work duties, have the right to use and access the register. The data network and equipment of the data controller and its potential IT partners, where the register is located, are protected with firewalls and other necessary technical procedures.

Agreements and other manually processed documents are stored in locked facilities which can only be accessed by separately designated persons. In addition, physical access to the facilities is prevented by security measures.

9. Right to review and to demand the rectification of data and to request data removal
The data subject has the right to review his/her data contained in the register. Data can also be corrected or removed at the request of the data subject. Requests are addressed to the email address mentioned in Section 2. The data controller has the right to require identification.

10. Other rights concerning the processing of personal data
Data shall be retained in the register for ten (10) years and shall be stored in a confidential manner. The data subject can choose to authorise longer-term retention of data, if he/she wishes.